fix: remove [Authorize] from BFF OrderController — BFF proxies don't configure auth schemes

BFF server forwards JWT via AuthForwardingHandler to downstream services.
Adding [Authorize] on BFF controllers causes "No authenticationScheme was specified"
error since the BFF server itself has no JWT middleware configured.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

apps/web-client-tpos-net/src/WebClientTpos.Server/Controllers/OrderController.cs

@@ -11,7 +11,6 @@ namespace WebClientTpos.Server.Controllers;
 /// VI: Controller đơn hàng — proxy đến OrderService cho đơn hàng, POS thanh toán, dashboard.
 /// </summary>
 [ApiController]
-[Authorize]
 [Route("api/bff")]
 public class OrderController : ControllerBase
 {